Administrators of Web servers that were infected with a recently released ransomware program for Linux are in luck: There’s now a free tool that can decrypt their files.

The tool was created by malware researchers from antivirus firm Bitdefender, who found a major flaw in how the Linux.Encoder.1 ransomware uses encryption.

The program makes files unreadable by using the Advanced Encryption Standard (AES), which uses the same key for both the encryption and decryption operations. The AES key is then encrypted too by using RSA, an asymmetric encryption algorithm.

The RSA algorithm uses a public and private key pair instead of a single key. The public key is used to encrypt data and the private key is used to decrypt it. In the case of Linux.Encoder.1, the RSA public-private key pair is generated on the attackers’ servers and only the public key is sent to infected systems and used to encrypt the AES key.

To read this article in full or to leave a comment, please click here